From e31f040ae3b2a4d5e37e45b0351912dfb57489d7 Mon Sep 17 00:00:00 2001
From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com>
Date: Tue, 7 Apr 2026 17:45:02 +0000
Subject: [PATCH 1/2] feat: add ci.yml workflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds required CI workflow with lint, test, build gates for Go backend and React Native/Expo frontend per coding-standards.md §7.
Closes #46
Co-authored-by: don-petry
---
 .github/workflows/ci.yml | 124 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 124 insertions(+)
 create mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..c70b876f
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,124 @@
+# CI — lint, test, build for Go backend and React Native/Expo frontend.
+#
+# Gates per coding-standards.md §7:
+# Backend: golangci-lint, go test (short + integration), coverage ≥80% line,
+# go build ./cmd/api/, gqlgen validate
+# Frontend: tsc --noEmit, eslint, prettier --check, jest --ci --coverage ≥80%,
+# graphql-codegen --check
+#
+# Ecosystem detection mirrors dependency-audit.yml so jobs are skipped when
+# the corresponding source tree does not yet exist.
+name: CI
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+permissions: {}
+
+jobs:
+ # ── Detect which source trees are present ──────────────────────────────────
+ detect:
+ name: Detect ecosystems
+ runs-on: ubuntu-latest
+ outputs:
+ go: ${{ steps.check.outputs.go }}
+ node: ${{ steps.check.outputs.node }}
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+ - name: Detect ecosystems
+ id: check
+ run: |
+ if find . -name 'go.mod' -not -path '*/vendor/*' | grep -q .; then
+ echo "go=true" >> "$GITHUB_OUTPUT"
+ else
+ echo "go=false" >> "$GITHUB_OUTPUT"
+ fi
+
+ if find . -name 'package.json' -not -path '*/node_modules/*' | grep -q .; then
+ echo "node=true" >> "$GITHUB_OUTPUT"
+ else
+ echo "node=false" >> "$GITHUB_OUTPUT"
+ fi
+
+ # ── Go backend ─────────────────────────────────────────────────────────────
+ backend:
+ name: Backend CI
+ needs: detect
+ if: needs.detect.outputs.go == 'true'
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+ - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+ with:
+ go-version-file: go.mod
+ cache: true
+
+ - name: Lint
+ uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8
+ with:
+ version: v2.1.6
+
+ - name: Build
+ run: go build ./cmd/api/
+
+ - name: Validate GraphQL schema
+ run: go run github.com/99designs/gqlgen validate
+
+ - name: Unit tests
+ run: go test ./... -short -count=1
+
+ - name: Integration tests
+ run: go test -tags=integration ./... -count=1
+
+ - name: Coverage check (≥80% line)
+ run: |
+ go test ./... -short -count=1 -coverprofile=coverage.out
+ pct=$(go tool cover -func=coverage.out \
+ | awk '/^total:/ { gsub(/%/, "", $NF); print $NF }')
+ echo "Coverage: ${pct}%"
+ awk -v p="$pct" 'BEGIN {
+ if (p+0 < 80) { print "Coverage " p "% is below required 80%"; exit 1 }
+ }'
+
+ # ── React Native / Expo frontend ───────────────────────────────────────────
+ frontend:
+ name: Frontend CI
+ needs: detect
+ if: needs.detect.outputs.node == 'true'
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+ - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+ with:
+ node-version: lts/*
+ cache: npm
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Type check
+ run: npx tsc --noEmit
+
+ - name: Lint
+ run: npx eslint . --max-warnings 0
+
+ - name: Format check
+ run: npx prettier --check .
+
+ - name: GraphQL codegen check
+ run: npx graphql-codegen --check
+
+ - name: Test + coverage (≥80% branch and line)
+ run: npx jest --ci --coverage --coverageThreshold='{"global":{"lines":80,"branches":80}}'
From 88b5ce2f8c31b5230c9bf24a808dfc0023b5d356 Mon Sep 17 00:00:00 2001
From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com>
Date: Tue, 7 Apr 2026 17:45:31 +0000
Subject: [PATCH 2/2] fix: add contents: read permission to detect job

The detect job uses actions/checkout which requires contents: read. The workflow-level permissions: {} denied it implicitly.
Co-authored-by: don-petry
---
 .github/workflows/ci.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c70b876f..3b4a4ed9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,6 +23,8 @@ jobs:
 detect:
 name: Detect ecosystems
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
 outputs:
 go: ${{ steps.check.outputs.go }}
 node: ${{ steps.check.outputs.node }}
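Review bot: The three `actions/checkout` steps in the new ci.yml (detect, backend, frontend jobs of the first patch) keep the default `persist-credentials: true`, so the job token stays in the workspace git config while later steps run repository- and PR-controlled code (`npm ci` lifecycle scripts, `go test`, `go run github.com/99designs/gqlgen validate`). The token is scoped to at most `contents: read` here, so the exposure is small, but no step pushes or fetches after checkout, and adding `persist-credentials: false` under a `with:` key on each checkout removes it at no cost. Separately, the detect step matches `go.mod` and `package.json` anywhere in the tree, while the backend and frontend jobs run from the repository root (`go-version-file: go.mod`, `go build ./cmd/api/`, `npm ci`). If either source tree ends up in a subdirectory, its job would be enabled and then fail, so the `find` calls should be limited with `-maxdepth 1` or the jobs given a matching `working-directory`.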